vault-scribe
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) because it processes untrusted source materials (transcripts and notes) and has file-system access via permitted tools.
- Ingestion points:
SKILL.md(Step 1) specifies reading full transcripts, notes, or briefs as the primary source material. - Boundary markers: The skill provides a structured format in
SKILL.md(Step 9) that places transcripts within a fenced code block at the end of the document, which serves as a basic data boundary. - Capability inventory: The skill uses
Read,Grep,Edit, andWritetools to modify files within the user's vault. - Sanitization: There are no specific instructions for the agent to sanitize content or explicitly ignore embedded commands within the ingested transcript data.
Audit Metadata